Skip to content


Subversion checkout URL

You can clone with
Download ZIP


subscribe security #487

Phorum opened this Issue · 1 comment

1 participant


For later on, to check:

In phorum_user_subscribe (soon to be phorum_api_user_subscribe()), I found the following code:
function phorum_user_subscribe( $user_id, $forum_id, $thread, $type )
$list=phorum_user_access_list( PHORUM_USER_ALLOW_READ );
if(!in_array($forum_id, $list)) return;
return phorum_db_user_subscribe( $user_id, $forum_id, $thread, $type );

How does this work if a user with a subscription is revoked read permissions? Will he still get the messages for the subscription or is that stopped?

Reported by: mmakaay
Imported from TRAC:


he will still get messages.
its too expensive to check for read-permissions for all subscribed users.

By: ts77

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.